Skip to main content
CVE-2020-27848 HIGH POC PATCH This Week

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dotcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-35782 HIGH POC This Week

Certain NETGEAR devices are affected by lack of access control at the function level. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware Jgs524E Firmware Jgs524Pe Firmware +1
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-10209 HIGH POC This Week

Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2020-29228 HIGH POC This Week

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi User Registration And Login System With Admin Panel
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-28095 HIGH POC This Week

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-35737 HIGH POC THREAT This Week

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Egov
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
10.3%
CVE-2020-35849 HIGH POC PATCH This Week

An issue was discovered in MantisBT before 2.24.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Mantisbt
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-28736 HIGH PATCH This Week

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Plone
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-28735 HIGH PATCH This Week

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Plone
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-28734 HIGH PATCH This Week

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Plone
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-35789 HIGH This Week

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Nms300 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-35785 HIGH This Week

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Dgn2200 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-35778 HIGH This Week

Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear CSRF Gs716T Firmware Gs724T Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-26296 HIGH PATCH This Week

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Node.js Vega
NVD GitHub
CVSS 3.1
8.7
EPSS
1.4%
CVE-2020-35779 HIGH This Week

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Nms300 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2020-35777 HIGH This Week

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Dgn2200V1 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2020-35839 HIGH This Week

Certain NETGEAR devices are affected by Stored XSS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +5
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-35831 HIGH This Week

Certain NETGEAR devices are affected by stored XSS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-35787 HIGH This Week

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear D3600 Firmware D6000 Firmware D6200 Firmware +23
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2020-35798 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection R6400V2 Firmware R6700V3 Firmware R6900P Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-35841 HIGH This Week

Certain NETGEAR devices are affected by stored XSS. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D6200 Firmware D7000 Firmware Jnr1010V2 Firmware +15
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2020-35802 HIGH This Week

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbw30 Firmware Rax75 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-35801 HIGH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware Jgs524E Firmware Jgs524Pe Firmware +1
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2020-35784 HIGH This Week

Certain NETGEAR devices are affected by lack of access control at the function level. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware Jgs524E Firmware Jgs524Pe Firmware +1
NVD
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy